From patchwork Fri Jun 5 07:49:00 2020
X-Patchwork-Submitter: Umang Jain
X-Patchwork-Id: 3927
X-Patchwork-Delegate: umang.jain@ideasonboard.com
From: Umang Jain
Date: Fri, 05 Jun 2020 07:49:00 +0000 (UTC)
Message-Id: <20200605074856.83927-1-email@uajain.com>
To: libcamera-devel@lists.libcamera.org
Subject: [libcamera-devel] [PATCH] libcamera: ipa_module: Fix implicit sign-extension in eflLoadSymbol

This sub-expression of two (16 bits, unsigned) operands
(targetSymbol->st_shndx * eHdr->e_shentsize)
is promoted to type int (32 bits, signed) for multiplication and then
added to eHdr->e_shoff, which is of the type long (64 bits, unsigned).

Since eHdr->e_shoff is unsigned, the integer conversion rules dictate
that the other signed operand (i.e. the resultant of the aforementioned
sub-expression) will be converted to unsigned type too. This causes
sign-extension for both of the above operands to match eHdr->e_shoff's
type and should be avoided.

The solution is to explicitly cast one of the operands of the
sub-expression with unsigned int type. Hence, the other operand will be
integer promoted and the resultant will also be of unsigned int type,
not requiring to bother about a sign-extension.

Reported-by: Coverity CID=280008
Reported-by: Coverity CID=280009
Reported-by: Coverity CID=280010
Signed-off-by: Umang Jain
Reviewed-by: Kieran Bingham
---
 src/libcamera/ipa_module.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp
index 91534b6..dd7538b 100644
--- a/src/libcamera/ipa_module.cpp
+++ b/src/libcamera/ipa_module.cpp @@ -102,7 +102,8 @@ Span elfLoadSymbol(Span elf, const char *symbol) if (!eHdr) return {}; - off_t offset = eHdr->e_shoff + eHdr->e_shentsize * eHdr->e_shstrndx; + off_t offset = eHdr->e_shoff + ((uint64_t)eHdr->e_shentsize * + eHdr->e_shstrndx); ElfW(Shdr) *sHdr = elfPointer(elf, offset); if (!sHdr) return {}; @@ -167,7 +168,8 @@ Span elfLoadSymbol(Span elf, const char *symbol) /* Locate and return data of symbol. */ if (targetSymbol->st_shndx >= eHdr->e_shnum) return {}; - offset = eHdr->e_shoff + targetSymbol->st_shndx * eHdr->e_shentsize; + offset = eHdr->e_shoff + ((uint64_t)targetSymbol->st_shndx * + eHdr->e_shentsize); sHdr = elfPointer(elf, offset); if (!sHdr) return {};
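Review bot: In the first hunk (the `eHdr->e_shstrndx` offset near line 102), the new cast is `(uint64_t)` while the commit message says the operand is cast to `unsigned int`, so the message and the code should be made to agree. A `static_cast<uint64_t>(eHdr->e_shentsize)` would also suit a C++ file better than the C-style cast. Note as well that this hunk shows no comparison of `eHdr->e_shstrndx` against `eHdr->e_shnum`, unlike the `st_shndx >= eHdr->e_shnum` test in the second hunk, so the only guard visible here is the null check on the `elfPointer` result; an explicit index check would make the two lookups consistent.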
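Review bot: In the second hunk (the `targetSymbol->st_shndx` offset near line 167), the multiplication is now unsigned, but the sum with `eHdr->e_shoff` is still assigned to `offset`, which the first hunk declares as `off_t`, a signed type. A large `e_shoff` read from the ELF data can therefore wrap the unsigned addition or convert to a negative `off_t`, and the patch leaves that case to whatever `elfPointer` does with it. Consider keeping the computation in an unsigned 64-bit variable and checking it against the size of `elf` before converting, or state in the commit message that `elfPointer` rejects negative and out-of-range offsets.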